[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-7458":6},{"stargazers_count":4,"fetched_at":5},5,"2026-05-02T06:24:39.445Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":262,"aliases":263,"duplicate_of":9,"upstream":264,"downstream":265,"duplicates":266,"related":267,"reserved_at":9,"published_at":268,"modified_at":268,"state":269,"summary":270,"references_raw":277,"kevs":299,"epss":9,"epss_history":300,"metrics":301,"affected":308},"CVE-2026-7458","The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a \"true\" OTP value.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-288","Authentication Bypass Using an Alternate Path or Channel","The product requires authentication, but the product has an alternate path or channel that does not require authentication.","weakness","Incomplete","Base",[19,81],{"id":20,"name":21,"techniques":22},"CAPEC-127","Directory Indexing",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1083","File and Directory Discovery",[27],{"id":28,"name":29},"TA0102","Discovery",[31,36,40,45,50,55,60,65,69,73,77],{"id":32,"name":33,"tactic":34},"D3-FA","File Analysis",{"name":35},"Detect",{"id":37,"name":38,"tactic":39},"D3-FIM","File Integrity Monitoring",{"name":35},{"id":41,"name":42,"tactic":43},"D3-FEV","File Eviction",{"name":44},"Evict",{"id":46,"name":47,"tactic":48},"D3-DF","Decoy File",{"name":49},"Deceive",{"id":51,"name":52,"tactic":53},"D3-FE","File Encryption",{"name":54},"Harden",{"id":56,"name":57,"tactic":58},"D3-RF","Restore File",{"name":59},"Restore",{"id":61,"name":62,"tactic":63},"D3-LFP","Local File Permissions",{"name":64},"Isolate",{"id":66,"name":67,"tactic":68},"D3-CF","Content Filtering",{"name":64},{"id":70,"name":71,"tactic":72},"D3-RFAM","Remote File Access Mediation",{"name":64},{"id":74,"name":75,"tactic":76},"D3-CQ","Content Quarantine",{"name":64},{"id":78,"name":79,"tactic":80},"D3-CM","Content Modification",{"name":64},{"id":82,"name":83,"techniques":84},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[85,120,159],{"id":86,"name":87,"tactics":88,"countermeasures":95},"T1211","Exploitation for Stealth",[89,92],{"id":90,"name":91},"TA0030","Defense Evasion",{"id":93,"name":94},"TA0005","Stealth",[96,100,104,108,112,116],{"id":97,"name":98,"tactic":99},"D3-MBT","Memory Boundary Tracking",{"name":35},{"id":101,"name":102,"tactic":103},"D3-PCSV","Process Code Segment Verification",{"name":35},{"id":105,"name":106,"tactic":107},"D3-SSC","Shadow Stack Comparisons",{"name":35},{"id":109,"name":110,"tactic":111},"D3-PSEP","Process Segment Execution Prevention",{"name":54},{"id":113,"name":114,"tactic":115},"D3-SAOR","Segment Address Offset Randomization",{"name":54},{"id":117,"name":118,"tactic":119},"D3-SFCV","Stack Frame Canary Validation",{"name":54},{"id":121,"name":122,"tactics":123,"countermeasures":129},"T1542.002","Component Firmware",[124,125,126],{"id":90,"name":91},{"id":93,"name":94},{"id":127,"name":128},"TA0110","Persistence",[130,135,139,143,147,151,155],{"id":131,"name":132,"tactic":133},"D3-SWI","Software Inventory",{"name":134},"Model",{"id":136,"name":137,"tactic":138},"D3-AVE","Asset Vulnerability Enumeration",{"name":134},{"id":140,"name":141,"tactic":142},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":35},{"id":144,"name":145,"tactic":146},"D3-FV","Firmware Verification",{"name":35},{"id":148,"name":149,"tactic":150},"D3-FBA","Firmware Behavior Analysis",{"name":35},{"id":152,"name":153,"tactic":154},"D3-SU","Software Update",{"name":54},{"id":156,"name":157,"tactic":158},"D3-RS","Restore Software",{"name":59},{"id":160,"name":161,"tactics":162,"countermeasures":171},"T1556","Modify Authentication Process",[163,164,167,168],{"id":90,"name":91},{"id":165,"name":166},"TA0112","Defense Impairment",{"id":127,"name":128},{"id":169,"name":170},"TA0031","Credential Access",[172,176,180,184,186,188,192,196,200,204,206,210,214,218,222,224,226,228,232,234,236,238,240,242,246,250,254,258],{"id":173,"name":174,"tactic":175},"D3-CI","Configuration Inventory",{"name":134},{"id":177,"name":178,"tactic":179},"D3-NTPM","Network Traffic Policy Mapping",{"name":134},{"id":181,"name":182,"tactic":183},"D3-AM","Access Modeling",{"name":134},{"id":32,"name":33,"tactic":185},{"name":35},{"id":37,"name":38,"tactic":187},{"name":35},{"id":189,"name":190,"tactic":191},"D3-PLA","Process Lineage Analysis",{"name":35},{"id":193,"name":194,"tactic":195},"D3-PSMD","Process Self-Modification Detection",{"name":35},{"id":197,"name":198,"tactic":199},"D3-PSA","Process Spawn Analysis",{"name":35},{"id":201,"name":202,"tactic":203},"D3-SFA","System File Analysis",{"name":35},{"id":41,"name":42,"tactic":205},{"name":44},{"id":207,"name":208,"tactic":209},"D3-PT","Process Termination",{"name":44},{"id":211,"name":212,"tactic":213},"D3-PS","Process Suspension",{"name":44},{"id":215,"name":216,"tactic":217},"D3-HR","Host Reboot",{"name":44},{"id":219,"name":220,"tactic":221},"D3-HS","Host Shutdown",{"name":44},{"id":46,"name":47,"tactic":223},{"name":49},{"id":51,"name":52,"tactic":225},{"name":54},{"id":56,"name":57,"tactic":227},{"name":59},{"id":229,"name":230,"tactic":231},"D3-RC","Restore Configuration",{"name":59},{"id":66,"name":67,"tactic":233},{"name":64},{"id":61,"name":62,"tactic":235},{"name":64},{"id":70,"name":71,"tactic":237},{"name":64},{"id":74,"name":75,"tactic":239},{"name":64},{"id":78,"name":79,"tactic":241},{"name":64},{"id":243,"name":244,"tactic":245},"D3-KBPI","Kernel-based Process Isolation",{"name":64},{"id":247,"name":248,"tactic":249},"D3-SCF","System Call Filtering",{"name":64},{"id":251,"name":252,"tactic":253},"D3-HBPI","Hardware-based Process Isolation",{"name":64},{"id":255,"name":256,"tactic":257},"D3-ABPI","Application-based Process Isolation",{"name":64},{"id":259,"name":260,"tactic":261},"D3-WSAM","Web Session Access Mediation",{"name":64},[],[],[],[],[],[],"2026-05-02T04:27:43.795Z","Received",{"cisa_kev":271,"cisa_ransomware":271,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":272,"severity_score":273,"severity_version":274,"severity_source":275,"severity_vector":276,"severity_status":269},false,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[278,283,287,291,295],{"url":279,"sources":280,"tags":282},"https://www.wordfence.com/threat-intel/vulnerabilities/id/35b86488-8f68-4738-a9a8-76d0b7976165?source=cve",[275,281],"nvd",[],{"url":284,"sources":285,"tags":286},"https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/hook.php%23L164?rev=3461175",[275,281],[],{"url":288,"sources":289,"tags":290},"https://plugins.trac.wordpress.org/browser/user-verification/trunk/includes/functions-rest.php%23L234?rev=3461175",[275,281],[],{"url":292,"sources":293,"tags":294},"https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/index.php%23L71?rev=3461175",[275,281],[],{"url":296,"sources":297,"tags":298},"https://plugins.trac.wordpress.org/changeset/3519113/user-verification",[275,281],[],[],[],[302,306],{"source":275,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":303,"cvss_v4_0":9},{"baseScore":273,"baseSeverity":304,"vectorString":276,"impactScore":273,"exploitabilityScore":305},"CRITICAL",10,{"source":281,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":307,"cvss_v4_0":9},{"baseScore":273,"baseSeverity":304,"vectorString":276,"impactScore":273,"exploitabilityScore":305},[309],{"ecosystem":9,"name":310,"vendor":311,"product":312,"cpe_part":313,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":314},"User Verification by PickPlugins","pickplugins","user verification by pickplugins","a",[315],{"version":316,"is_range":317,"range_type":275,"version_start":9,"version_start_type":9,"version_end":318,"version_end_type":319,"fixed_in":9},"\u003C= 2.0.46",true,"2.0.46","including"]